BearerAuth and multiple tokens support in remoteStorage app
parent
6c6b570ff1
commit
9850820b42
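--- a/BearerAuth.php
+++ b/BearerAuth.php
@@ -0,0 +1,61 @@
+<?php
+
+/**
+* HTTP Bearer Authentication handler
+*
+* Use this class for easy http authentication setup
+*
+* @package Sabre
+* @subpackage HTTP
+* @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+* @author Evert Pot (http://www.rooftopsolutions.nl/)
+* @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+*/
+class Sabre_HTTP_BearerAuth extends Sabre_HTTP_AbstractAuth {
+
+/**
+* Returns the supplied username and password.
+*
+* The returned array has two values:
+* * 0 - username
+* * 1 - password
+*
+* If nothing was supplied, 'false' will be returned
+*
+* @return mixed
+*/
+public function getUserPass() {
+
+// Apache and mod_php
+if (($user = $this->httpRequest->getRawServerValue('PHP_AUTH_USER')) && ($pass = $this->httpRequest->getRawServerValue('PHP_AUTH_PW'))) {
+
+return array($user,$pass);
+
+}
+
+// Most other webservers
+$auth = $this->httpRequest->getHeader('Authorization');
+
+if (!$auth) return false;
+
+if (strpos(strtolower($auth),'bearer')!==0) return false;
+
+return explode(':', base64_decode(substr($auth, 7)));
+
+}
+
+/**
+* Returns an HTTP 401 header, forcing login
+*
+* This should be called when username and password are incorrect, or not supplied at all
+*
+* @return void
+*/
+public function requireLogin() {
+
+$this->httpResponse->setHeader('WWW-Authenticate','Basic realm="' . $this->realm . '"');
+$this->httpResponse->sendStatus(401);
+
+}
+
+}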
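Review bot: requireLogin() advertises the wrong scheme: the handler parses `Authorization: Bearer …`, but the 401 challenge near the end of the hunk still sends `WWW-Authenticate: Basic realm=…`, so a client that honours the challenge will retry with Basic credentials rather than a bearer token; the line should read `$this->httpResponse->setHeader('WWW-Authenticate','Bearer realm="' . $this->realm . '"');`. In getUserPass(), `explode(':', base64_decode(substr($auth, 7)))` has no limit, so a decoded value with more than one colon yields more than two elements and a value with none yields a single element, while the docblock promises exactly two; `explode(':', base64_decode(substr($auth, 7)), 2)` followed by a `count(...) === 2` check keeps the documented shape. The docblock itself was carried over from the Basic handler and still talks about username and password; it should say that the bearer value is base64-decoded and split into the two parts the caller expects. The `PHP_AUTH_USER`/`PHP_AUTH_PW` branch also means a plain Basic header already decoded by Apache is accepted by this handler as if it were a bearer credential; if that is not intended, the branch should be dropped.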
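--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -33,6 +33,7 @@ require_once('../../lib/base.php');
 OC_Util::checkAppEnabled('remoteStorage');
 require_once('Sabre/autoload.php');
 require_once('lib_remoteStorage.php');
+require_once('BearerAuth.php');
 require_once('oauth_ro_auth.php');
 
 ini_set('default_charset', 'UTF-8');
@@ -68,14 +68,14 @@ if(count($pathParts) == 2 && $pathParts[0] == '') {
 } else if($k=='redirect_uri'){
 $appUrl=$v;
 } else if($k=='scope'){
-$category=$v;
+$categories=$v;
 }
 }
 $currUser = OC_User::getUser();
 if($currUser == $ownCloudUser) {
 if(isset($_POST['allow'])) {
 //TODO: check if this can be faked by editing the cookie in firebug!
-$token=OC_remoteStorage::createCategory($appUrl, $category);
+$token=OC_remoteStorage::createCategories($appUrl, $categories);
 header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
 } else {
 echo '<form method="POST"><input name="allow" type="submit" value="Allow this web app to store stuff on your owncloud."></form>';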
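Review bot: In the second hunk, `$categories=$v;` stores the raw `scope` query value and `createCategories($appUrl, $categories)` passes it on unchecked; on the callee side (lib_remoteStorage.php in this commit) that value becomes both a database column and a path segment under `/remoteStorage/`, with only a TODO noting that input checking is missing. Validate it here, at the request boundary, before the token is minted, e.g. `if(!preg_match('/^[A-Za-z0-9_-]+(,[A-Za-z0-9_-]+)*$/', $categories)) { die('invalid scope'); }` (constructed example; adjust the character class to the scope names actually allowed). Because this loop only ever assigns a string to `$categories`, the callee must split it on the comma rather than iterate it directly. The enclosing `foreach`/`if` begin outside the hunk.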
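--- a/lib_remoteStorage.php
+++ b/lib_remoteStorage.php
@@ -2,12 +2,14 @@
 
 class OC_remoteStorage {
 public static function getValidTokens($ownCloudUser, $category) {
-$query=OC_DB::prepare("SELECT token,appUrl FROM *PREFIX*authtoken WHERE user=? AND category=? LIMIT 100");
-$result=$query->execute(array($ownCloudUser,$category));
+$query=OC_DB::prepare("SELECT token,appUrl,category FROM *PREFIX*authtoken WHERE user=? LIMIT 100");
+$result=$query->execute(array($ownCloudUser));
 $ret = array();
 while($row=$result->fetchRow()){
+if(in_array($category, explode(',', $row['category']))) {
 $ret[$row['token']]=true;
 }
+}
 return $ret;
 }
 
@@ -19,7 +21,7 @@ class OC_remoteStorage {
 while($row=$result->fetchRow()){
 $ret[$row['token']] = array(
 'appUrl' => $row['appurl'],
-'category' => $row['category'],
+'categories' => $row['category'],
 );
 }
 return $ret;
@@ -30,16 +32,17 @@ class OC_remoteStorage {
 $query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?");
 $result=$query->execute(array($token,$user));
 }
-private static function addToken($token, $appUrl, $category){
+private static function addToken($token, $appUrl, $categories){
 $user=OC_User::getUser();
 $query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`category`) VALUES(?,?,?,?)");
-$result=$query->execute(array($token,$appUrl,$user,$category));
+$result=$query->execute(array($token,$appUrl,$user,$categories));
 }
-public static function createCategory($appUrl, $category) {
+public static function createCategories($appUrl, $categories) {
 $token=uniqid();
-self::addToken($token, $appUrl, $category);
-//TODO: input checking on $category
 OC_Util::setupFS(OC_User::getUser());
+self::addToken($token, $appUrl, $categories);
+foreach($categories as $category) {
+//TODO: input checking on $category
 $scopePathParts = array('remoteStorage', $category);
 for($i=0;$i<=count($scopePathParts);$i++){
 $thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i));
@@ -47,6 +50,7 @@ class OC_remoteStorage {
 OC_Filesystem::mkdir($thisPath);
 }
 }
+}
 return base64_encode('remoteStorage:'.$token);
 }
 }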
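Review bot: In the third hunk, `foreach($categories as $category)` iterates a value that the rest of this commit treats as one string: addToken() binds `$categories` to the single `category` column, and getValidTokens() in the first hunk reads it back with `explode(',', $row['category'])`. Given a string, PHP's foreach emits a warning and creates no directories; given an array, the INSERT binding would not store a comma-separated list that explode() can read back. Split on the stored delimiter instead, `foreach(explode(',', $categories) as $category) {`, and resolve the TODO beneath it before the value reaches `$scopePathParts`, because each segment is joined straight into the mkdir path and a segment such as `..` or one containing `/` would escape the intended `/remoteStorage/` subtree. Separately, the token that becomes the bearer credential is `uniqid()`, which is derived from the clock rather than a CSPRNG; `bin2hex(openssl_random_pseudo_bytes(16))` (or random_bytes() where available) is the appropriate source. The first hunk's `in_array($category, explode(...))` should also pass `true` as its third argument, and createCategories() continues into the fourth hunk.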
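--- a/oauth_ro_auth.php
+++ b/oauth_ro_auth.php
@@ -34,7 +34,7 @@ class OC_Connector_Sabre_Auth_ro_oauth extends Sabre_DAV_Auth_Backend_AbstractBa
 if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) {
 OC_Util::setUpFS();
 return true;
-} else if(isset($this->validTokens[$password]) && $this->validTokens[$password] == $username) {
+} else if(isset($this->validTokens[$password])) {
 OC_Util::setUpFS();
 return true;
 } else {
@@ -47,7 +47,7 @@ die('not getting in with "'.$username.'"/"'.$password.'"!');
 
 //overwriting this to make it not automatically fail if no auth header is found:
 public function authenticate(Sabre_DAV_Server $server,$realm) {
-$auth = new Sabre_HTTP_BasicAuth();
+$auth = new Sabre_HTTP_BearerAuth();
 $auth->setHTTPRequest($server->httpRequest);
 $auth->setHTTPResponse($server->httpResponse);
 $auth->setRealm($realm);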
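Review bot: The new condition `isset($this->validTokens[$password])` accepts any key present in `$this->validTokens` and no longer consults `$username`; that is only sound if `validTokens` was built for the single user whose storage this instance serves (its construction is outside the hunk), so the assumption deserves a comment on that line, e.g. `// validTokens is already scoped to the target user, so the username half of the credential is not checked here`. The removed `$this->validTokens[$password] == $username` compared a `true` flag against a string with loose equality, so dropping it does not weaken the check, but a stricter per-user lookup would be the robust form if `validTokens` can ever hold more than one user's tokens. In the second hunk's enclosing context, `die('not getting in with "'.$username.'"/"'.$password.'"!')` reflects the presented token back in the response body; a generic failure message avoids echoing credentials. Both hunks sit inside methods that start or end outside the hunk.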